[Cryptech Tech] Suggested changes to TRNG

Joachim Strömbergson joachim at secworks.se
Wed Oct 7 07:17:02 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Benedikt Stockebrand wrote:
> Anyway, what I've done with the ARRGH firmware was to wait until
> I've seen all 256 byte values from the source and only then start
> passing random data out.
> 
> This is probably a bit over the top, but it's still reasonably fast
> to start up.  It's reasonably easy to do in an MCU; don't know about
> FPGAs, though.

Takes a 256 bit wide register and a big honking 256-1 AND gate. Done. ;-)


> Using a fixed interval is a bad idea because a fixed interval won't 
> adapt to tolerances of the components etc.

That is true. One would however also need to add a timer to be able to
say that longer then XYZ ms before seeing all 256 bit values and the
entropy source is probably dead. Otherwise you could wait indefinitely.

Also, the warmup is just to give the noise sources time to properly
start, not ensure that they operate correctly. That is the
responsibility of the the startup test and online monitors. So I don't
think we should spend to much resources on the warmup function. Your
solution would require more registers, but not much else.

Good idea, thanks!

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJWFMbuAAoJEF3cfFQkIuyN0FAQAMO4NFiPEJiuZIW/E4yqyVkJ
bRYiLVtvcH8CTVjWgex7Ivjstznw6SnyxSyUF4KZ1ZQjqesjOv6qjAjWiYO0MLv9
boTyZd+4A/IHJI+Vi0yiJXXJOrJWWOEzIi3qiwRVOYGaybJavKHY/5klIt/0wcRy
Cw27HaK22e1VshcPXtyejeLPoEtzNL/G+ALCFp4xv7+bS6R27Ns0kcsCnTHubmIS
Evf4sq3Y/YVxoY3C/aKxdVRu3CQDOT4emVw+5ko2phlXTrqwqlfOgRSPKQ4vjmEQ
P+1EjHw5WVNKY1b6hIVsjt8TRwiB8WHwHuNU8YfKMnTH4e/clv4YBnv2BOJxxnoF
muyEGmPNlcRKDzxuywJcOwXzdFkaAYz25ulDxNvAFt1MVSvgbjdCr8sg8gVSyqsY
w89SahXN7RGb8fZbQlgb6outFmVoImE/+fexwf0SZUqWbahQqtdyKsdUzzes8LKO
GrMgYZgQkFYG4LjTjReeADIQcX4wJ2+K5kzRN1KTJB0kn96KSHoxJlS80kHfpktI
cy25TgSFDlbb0OdOqQD0UycxsRVgJ+WBQj6FXQ9C7nKn8mbrVxzo0LpgIBASFIsz
bNUDMTCyNLEbfFq1U8q2DZYFXPVFbZ+5cm1xoCI1T6BRxd5SlItwusE7MPNBysM8
srA4PFSrYSKSo+29EeMF
=9lTD
-----END PGP SIGNATURE-----


More information about the Tech mailing list